How to Read and Edit Systemd Logs using Journalctl in linux
Last Updated :
23 Jul, 2025
In the realm of Linux system administration, managing logs is an indispensable task. System logs are crucial for understanding the health, performance, and troubleshooting of a system. Systemd, the init system widely adopted by modern Linux distributions, introduced a centralized logging system called the Journal. `journalctl` is the primary tool provided by Systemd for accessing and managing these logs. In this article, we will delve into the intricacies of `journalctl`, learning how to read, filter, and edit Systemd logs effectively.
Understanding the Journalctl
Before diving into `journalctl`, it's essential to grasp the basics of the Journal. Systemd's Journal collects log data from various sources, including the kernel, system services, and user programs. Unlike traditional text-based log files scattered across the filesystem, the Journal stores logs in a binary format within a centralized location.
Key Features of the Journalctl:
- Indexed Data: The Journal indexes log data, enabling fast and efficient queries.
- Structured Information: Log entries in the Journal contain structured metadata, such as timestamps, severity levels, and originating processes.
- Preservation: Systemd retains logs across reboots, providing a persistent log history.
- Access Control: Access to the Journal is managed by Systemd, ensuring only authorized users can view logs.
Reading logs:
`journalctl` is a powerful command-line utility for querying and analyzing the Systemd Journal. Let's explore some common tasks performed with `journalctl`:
1. Basic usage:
By default, journalctl displays all log entries from the current boot, starting with the oldest.
Example:
journalctl
Viewing logs using journalctl2. Filter by priority:
The -p flag in journalctl instructs it to filter log messages by their priority level. Systemd associates a priority level with each log message, indicating its severity We use -p option to display messages of a specific priority.
Option
| Used for
|
|---|
err
| Errors
|
|---|
warn
| Warnings
|
|---|
info
| Informational messages
|
|---|
notice
| Normal operational messages
|
|---|
debug
| Debugging messages
|
|---|
Syntax: journalctl -p <option>
Example:
journalctl -p err
Displaying logs using error as a priority3. Filter by unit:
The -u option in journalctl instructs it to filter the logs and display only the entries related to a specific systemd service also called a "unit".
We use -u followed by a specific systemd unit (service, process, etc.) to view its logs.
Syntax: journalctl -u service_name
Example:
journalctl -u gdm.service
displaying logs for gnome display manager using -u4. View latest entries:
We use -f to show the journal in it's real-time. Here new logs are added at the end in real time.
Essentially, journalctl -f opens a live feed to system's logs. This is incredibly useful for:
- Debugging: See errors or warnings as they occur, which helps rapidly troubleshoot issues.
- Live Monitoring: Keep an eye on system processes, services, or applications in real-time to ensure smooth operation.
- Server Administration: Track activity and potential problems on a server for proactive maintenance.
Example:
journalctl -f
Viewing latest entries using -f 5. Specific boot:
We use -b to view logs from specific boot
Option
| Used for
|
|---|
-b 0
| current boot
|
|---|
-b -1
| previous boot
|
|---|
Example:
journalctl -b -1
Viewing logs entries from previous boot6. Show specific number of entries:
The -n flag tells journalctl to display a specified number of log entries starting from the most recent ones.
We use -n to display a limited number of entries.
Syntax: journalctl -n <number of entries>
Example:
Here we only show 10 entries.
journalctl -n 10
limiting output to 10 lines. 7. Show entries within a time range:
We use --since and --until to specify a time range to show entries.
- --since: Shows log entries newer than the specified time or date.
- --until: Shows log entries older than the specified time or date.
We can pass following types of time formats,
- Relative:
- "yesterday"
- "1 hour ago"
- "5 days ago"
- Absolute:
- "2024-02-28 14:35:00" (YYYY-MM-DD HH:MM:SS)
- "2024-02-28" (Will display logs from the start of that day)
Example:
journalctl --since "yesterday" --until "now"
showing entries within a time range Editing logs:
Journalctl is a powerful tool for viewing and filtering systemd logs in Linux, it cannot directly edit the log entries themselves. Systemd logs are stored in a compressed binary format for efficiency and consistency. Modifying them directly could corrupt the log data and hinder troubleshooting efforts. However, filtering the logs can be an alternate approach to address potential issues identified within the logs
We can do following things to achieve it.
1. Clear logs:
We use --vacuum-size=SIZE to to remove old log entries exceeding the specified size.
Example:
In this example we remove logs exceeding 100 MB.
command: sudo journalctl --vacuum-size=100M
removing logs exceeding 100 MB2. Setting output format:
We use various options as follows to customize the output format as needed.
Option
| Used for
|
|---|
-o short
| default format, similar to traditional syslog output (timestamp, priority, unit, message).
|
|---|
-o short-iso
| similar to short but uses ISO 8601 timestamps
|
|---|
-o short-monotonic
| similar to short but shows timestamps with monotonic seconds.
|
|---|
-o short-precise
| similar to short but displays timestamps with microsecond precision
|
|---|
-o cat
| displays only the message field
|
|---|
-o json
| outputs entries in JSON format (one entry per line).
|
|---|
-o json-pretty
| similar to json but formatted for better readability with indentation
|
|---|
-o json-sse
| JSON output wrapped for server-sent event compatibility
|
|---|
-o export
| binary format suitable for backups or transferring logs
|
|---|
-o verbose
| shows very detailed information for each log entry, including all available fields
|
|---|
Example:
journalctl -o json
JSON formatting using -o json3. Archive logs:
We use --rotate to create a compressed archive of older logs.
sudo journalctl --rotate
Archiving older logs4. Exporting logs:
We use --export followed by file name to export specific logs into a binary file for backup or transfer.
Example:
Here we exported logs from yesterday in past_logs.jnl file.
journalctl -u mysql --since yesterday > past_logs.jnl
exporting logs Conclusion
Journalctl is a powerful tool for viewing and managing system logs in systems using systemd. By understanding its basic functionalities and filtering options, we can effectively troubleshoot issues, analyze system behavior, and maintain system health. Journalctl offers a centralized, powerful, and versatile approach to managing system logs in Linux, making it an essential tool for system administrators.
Similar Reads
Linux/Unix Tutorial Linux is one of the most widely used open-source operating systems. It's fast, secure, stable, and powers everything from smartphones and servers to cloud platforms and IoT devices. Linux is especially popular among developers, system administrators, and DevOps professionals.Linux is:A Unix-like OS
10 min read
Getting Started with Linux
What is Linux Operating SystemLinux is based on the UNIX operating system. UNIX is a powerful, multi-user, multitasking operating system originally developed in the 1970s at AT&T Bell Labs. It laid the foundation for many modern operating systems, including Linux.Linux is free and open-source, accessible to everyone.Its sour
10 min read
LINUX Full Form - Lovable Intellect Not Using XPLINUX stands for Lovable Intellect Not Using XP. Linux was developed by Linus Torvalds and named after him. Linux is an open-source and community-developed operating system for computers, servers, mainframes, mobile devices, and embedded devices. Linux receives requests from system programs and it r
2 min read
Difference between Linux and WindowsLinux: Linux could be a free and open supply OS supported operating system standards. It provides programming interface still as programme compatible with operating system primarily based systems and provides giant selection applications. A UNIX operating system additionally contains several several
7 min read
What are Linux Distributions ?A Linux distribution, often shortened to “distro,†is a packaged version of Linux that comes with the Linux kernel plus a collection of software and utilities that make the OS functional and user-friendly. Some distros are optimized for business environments, offering tools for productivity and ente
8 min read
Difference between Unix and LinuxUnix was created in the 1970s by Ken Thompson and Dennis Ritchie at Bell Labs. Dennis Ritchie was also the creator of the C programming language. Originally a command-line operating system, Unix has evolved to support graphical interfaces (GUI) as well. It became popular in universities, enterprises
5 min read
Installation with Linux
How to Install Arch Linux in VirtualBox?Installing Arch Linux on a virtual machine is an excellent way to experience this powerful and flexible Linux distribution without affecting your main system. If you're looking to install Arch Linux in VirtualBox, this guide will take you through the process step-by-step. Arch Linux is known for its
7 min read
Fedora Linux Operating SystemFedora Linux is a free and open-source operating system based on the Linux kernel and was developed by the community-supported Fedora Project. It is known for its fast release cycle, which keeps the operating system up to date with the latest software and technologies.What is the Fedora Linux Operat
12 min read
How to install Ubuntu on VirtualBox?Installing Ubuntu on VirtualBox is a great way to experience the powerful features of this popular Linux distribution without altering your main operating system. Whether you’re a developer, a student, or simply curious about Linux, setting up Ubuntu on VirtualBox allows you to test and explore in a
6 min read
How to Install Linux Mint?Linux Mint is the second-largest Linux-based distro used in the world. Linux Mint is a community-driven Linux distribution based on Ubuntu which itself is based on Debian and bundled with a variety of free and open-source applications. So here we discuss the installation of Linux mint. Installation
3 min read
How to Install Kali Linux on Windows?Kali Linux is an open-source Linux distribution based on Debian, designed for sophisticated penetration testing and security auditing. Kali Linux includes hundreds of tools for diverse information security activities such as penetration testing, security research, computer forensics, and reverse eng
2 min read
How to Install Linux on Windows PowerShell Subsystem?There are several ways to Install a Linux subsystem on your Windows PC Powershell Environment. It is good for learners, but it is recommended using original Linux OS if you are a developer as the Subsystem lacks the pre-installed Linux tools. Before we begin installing a Linux subsystem, we need to
2 min read
How to Find openSUSE Linux Version?openSUSE is well known for its GNU/Linux-based operating systems, mainly Tumbleweed, a tested rolling release, and Leap, a distribution with Long-Term-Support(LTS). MicroOS and Kubic are new transactional, self-contained distributions for use as desktop or container runtime. Here we figure out which
2 min read
How to Install CentOSCentOS is a popular open-source Linux distribution aimed at servers and provides compatibility with Red Hat's RPM package manager. It is built with the goal of providing a stable operating system that provided great compatibility with the upstream RHEL (Red hat enterprise Linux) CentOS is therefore
2 min read
Linux Commands
Linux CommandsLinux commands are essential for controlling and managing the system through the terminal. This terminal is similar to the command prompt in Windows. It’s important to note that Linux/Unix commands are case-sensitive. These commands are used for tasks like file handling, process management, user adm
15+ min read
Essential Unix CommandsUnix commands are a set of commands that are used to interact with the Unix operating system. Unix is a powerful, multi-user, multi-tasking operating system that was developed in the 1960s by Bell Labs. Unix commands are entered at the command prompt in a terminal window, and they allow users to per
7 min read
How to Find a File in Linux | Find CommandThe find command in Linux is used to search for files and directories based on name, type, size, date, or other conditions. It scans the specified directory and its sub directories to locate files matching the given criteria.find command uses are:Search based on modification time (e.g., files edited
9 min read
Linux File System
Linux File SystemA file system is a structured method of storing and managing data—including files, directories, and metadata—on your machine. Think of it like a library. If thousands of books were scattered around, finding one would be hard. But in an organized structure, like labeled shelves, locating a book becom
12 min read
Linux File Hierarchy StructureThe Linux File Hierarchy Structure or the Filesystem Hierarchy Standard (FHS) defines the directory structure and directory contents in Unix-like operating systems. It is maintained by the Linux Foundation. In the FHS, all files and directories appear under the root directory /, even if they are sto
6 min read
Linux Directory StructureIn Linux, everything is treated as a file even if it is a normal file, a directory, or even a device such as a printer or keyboard. All the directories and files are stored under one root directory which is represented by a forward slash /. The Linux directory layout follows the Filesystem Hierarchy
6 min read
Linux Kernel
Linux KernelLinux Kernel is the heart of Linux operating systems. It is an open-source (source code that can be used by anyone freely) software that is most popular and widely used in the industry as well as on a personal use basis. Who created Linux and why? Linux was created by Linus Torvalds in 1991 as a hob
4 min read
Kernel in Operating SystemA kernel is the core part of an operating system. It acts as a bridge between software applications and the hardware of a computer. The kernel manages system resources, such as the CPU, memory and devices, ensuring everything works together smoothly and efficiently. It handles tasks like running pro
9 min read
How Linux Kernel Boots?Many processes are running in the background when we press the system's power button. It is very important to learn the Linux boot process to understand the workings of any operating system. Knowing how the kernel boots is a must to solve the booting error. It is a very interesting topic to learn, l
11 min read
Difference between Operating System and KernelIn the world of computing, two terms that are frequently mentioned are Operating System (OS) and Kernel. In this article, we will explore the key differences between the OS and the Kernel, their functions, and how they work together to manage hardware and software.What is an Operating System?An Oper
3 min read
Linux Kernel Module Programming: Hello World ProgramKernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. Custom codes can be added to Linux kernels via two methods. The basic way is to add the code to the kernel source tree and
7 min read
Linux Loadable Kernel ModuleIf you want to add code to a Linux kit, the basic way to do that is to add source files to the kernel source tree and assemble the kernel. In fact, the process of setting up the kernel consists mainly of selecting which files to upload to the kernel will be merged. But you can also add code to the L
7 min read
Loadable Kernel Module - Linux Device Driver DevelopmentFor Linux device drivers, we can use only two languages: Assembler and C. Assembler implements the main parts of the Linux kernel, while C implements the architecture-dependent parts. Uploaded kernel modules are often referred to as kernel modules or modules, but those are misleading names because t
4 min read
Linux Networking Tools
Network configuration and troubleshooting commands in LinuxComputers are often connected to each other on a network. They send requests to each other in the form of packets that travel from the host to the destination. Linux provides various commands from network configuration and troubleshooting. Network Configuration and Troubleshooting Commands in Linux
5 min read
How to configure network interfaces in CentOS?A network interface is a link between a computer and another network(Private or Public). The network interface is basically a card which is known as NIC or Network Interface Card, this does not necessarily have to be in a physical form instead, it can be inbuilt into the software. If we take the exa
5 min read
Command-Line Tools and Utilities For Network Management in LinuxIf you are thinking of becoming a system administrator, or you are already a system admin, then this article is for you.As a system admin, your daily routine will include configuring, maintaining, troubleshooting, monitoring, securing networks, and managing servers within data centers. Network confi
8 min read
Linux - Network Monitoring ToolsNetwork monitoring is using a system (hardware or software) that continuously observes your network and the data flows through it, depending on how the monitoring solution actually functions and informs the network administrator. We can keep a check on all the activities of our network easily. While
4 min read
Linux Process
Linux Firewall
Shell Scripting & Bash Scripting
Introduction to Linux Shell and Shell ScriptingWhenever we use any modern operating system like Linux, macOS, or Windows we are indirectly interacting with a shell, the program that interprets and executes our commands. While running Ubuntu, Linux Mint, or any other Linux distribution, we are interacting with the shell by using the terminal. In
8 min read
What is Terminal, Console, Shell and Kernel?Understanding the terms terminal, console, shell, and kernel is crucial for anyone working with computers or learning about operating systems. These concepts are key components of how we interact with our devices and software. The terminal is a text-based interface used to interact with the computer
5 min read
How to Create a Shell Script in linuxShell is an interface of the operating system. It accepts commands from users and interprets them to the operating system. If you want to run a bunch of commands together, you can do so by creating a shell script. Shell scripts are very useful if you need to do a task routinely, like taking a backup
7 min read
Shell Scripting - Different types of VariablesThe shell is a command-line interpreter for Linux and Unix systems. It provides an interface between the user and the kernel and executes commands. A sequence of commands can be written in a file for execution in the shell. It is called shell scripting. It helps to automate tasks in Linux. Scripting
4 min read
Bash Scripting - Introduction to Bash and Bash ScriptingBash is a command-line interpreter or Unix Shell and it is widely used in GNU/Linux Operating System. It is written by Brian Jhan Fox. It is used as a default login shell for most Linux distributions. Scripting is used to automate the execution of the tasks so that humans do not need to perform them
12 min read
Bash Script - Define Bash Variables and its typesVariables are an important aspect of any programming language. Without variables, you will not be able to store any required data. With the help of variables, data is stored at a particular memory address and then it can be accessed as well as modified when required. In other words, variables let yo
12 min read
Shell Scripting - Shell VariablesA shell variable is a character string in a shell that stores some value. It could be an integer, filename, string, or some shell command itself. Basically, it is a pointer to the actual data stored in memory. We have a few rules that have to be followed while writing variables in the script (which
6 min read
Bash Script - Difference between Bash Script and Shell ScriptIn computer programming, a script is defined as a sequence of instructions that is executed by another program. A shell is a command-line interpreter of Linux which provides an interface between the user and the kernel system and executes a sequence of instructions called commands. A shell is capabl
4 min read
Shell Scripting - Difference between Korn Shell and Bash shellKorn Shell: Korn Shell or KSH was developed by a person named David Korn, which attempts to integrate the features of other shells like C shell, Bourne Shell, etc. Korn Shell allows developers to generate and create new shell commands whenever it is required. Korn shell was developed a long year bac
3 min read
Shell Scripting - Interactive and Non-Interactive ShellA shell gives us an interface to the Unix system. While using an operating system, we indirectly interact with the shell. On Linux distribution systems, each time we use a terminal, we interact with the shell. The job of the shell is to interpret or analyze the Unix commands given by users. A shell
3 min read
Shell Script to Show the Difference Between echo “$SHELL†and echo ‘$SHELL’In shell scripting and Linux, the echo command is used to display text on the terminal or console. When used with the $SHELL variable, which contains the path of the current user's shell program, the output of the echo command can be different depending on whether the variable is enclosed in single
4 min read